Cybersecurity

May 18, 2022
Posted by Kimberly Underwood
The Cybersecurity and Infrastructure Security Agency issued an emergency directive requiring federal agencies to apply VMware updates or remove specific VMware products from use until protective updates can be applied given four possible exploitable vulnerabilities that could allow cyber marauders to cause significant harm. Credit: Shutterstock/rafapress

On May 18, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive (ED) (ED 22-03) that requires federal agencies to apply VMware updates or remove specific VMware products from use until protective updates can be applied. The products possess four possible exploitable vulnerabilities that would allow cyber marauders to execute remote code on a system without authentication and to elevate network access privileges.

“For all affected VMware products identified as being accessible from the internet, agencies are directed to assume a compromise and immediately disconnect the product from their network and conduct threat hunt activities,” CISA stated. 

May 1, 2022
By Kimberly Underwood
With Internet of Behaviors approaches being used more and more to influence human behavior, adding in explainable artificial intelligence platforms can aid humans’ understanding. Shutterstock/Zentangle

The application of explainable artificial intelligence to Internet of Behavior techniques may help provide a more trusted and understandable framework in changing human behaviors, researchers say. This combination of Internet of Things devices, artificial intelligence, data analytics and behavioral science can also achieve user and business benefits, according to a study.

May 1, 2022
By Robert K. Ackerman
While Russia has a strong community of private sector hackers willing to engage in global cyber attacks for their nation, the United States also has its own patriotic hackers who can engage in their own form of wreaking digital havoc in Russia—possibly in coordination with U.S. government efforts.  Alexander Geiger/Shutterstock

Russia’s well-known cyber attacks on Western nations could be setting the country up for a powerful backlash, offers a retired U.S. Army expert formerly based in Moscow. After years of relentless penetrations and attacks on databases and infrastructure in U.S. and NATO countries, Russia now is finding itself as much—if not more—of a target of reciprocal cyber assault capabilities increasingly wielded by the West.

May 1, 2022
By Kimberly Underwood
Adversaries such as China are employing Internet of Behaviors approaches on a wider scale.  Shutterstock/Hugethank

The confluence of advanced digital tools, such as computer vision, along with Internet of Things devices, data science and knowledge of human nature, is enabling the greater ability to track, analyze and prompt human behavior. The use of this approach, referred to as Internet of Behaviors, is expected to skyrocket, with an estimated 40 percent of the global population’s activities by 2023 thought to be tracked digitally to influence behavior, according to Stamford, Connecticut, research firm Gartner.

April 12, 2022
By Will Nelson
Lessons learned from the monarchs of history offer four modalities for coping with Russian cyber aggression. Credit: Shutterstock

Starting from the first recorded raid on the monastery of Lindisfarne in 793, Viking raids presented European rulers with an unprecedented challenge. Fast, sleek longships could stealthily deploy alongside the coasts of early medieval England and France, striking at wealthy, isolated targets and departing before local authorities could mount a response.

April 4, 2022
By Sandra Jontz
Mohan Tammisetti, senior vice president and COMSovereign’s chief engineer, demonstrates a prototype of the company’s portable, compact, easily deployable standalone communications system at the Commonwealth Cyber Initiative Living Innovation Lab at George Mason University. The standalone 5G wireless network hardware, available as a backpack or housed within a durable Pelican case, is powerful enough to keep an entire city’s secure communication needs up and running.

A future of warfighters having instantaneous access to actionable intelligence on the battlefield, traffic jam-free highways thanks to connected driverless vehicles and energy-efficient buildings that prepare for employees’ arrivals well before they even hit the parking lot each share a common need—secure and readily accessible 5G technology and the applications that make synchronization possible.

March 1, 2022
By Shaun Waterman
Artificial intelligence (AI)/machine learning (ML) is especially susceptible to hacking and can be attacked even without access to the computer network it runs on. Credit: Shutterstock/Sasun Bughdaryan

In the rush to implement national security use cases for artificial intelligence and machine learning, policymakers need to ensure they are properly weighing the risks, say experts in the field.

Like all software, artificial intelligence (AI)/machine learning (ML) is vulnerable to hacking. But because of the way it has to be trained, AI/ML is even more susceptible than most software—it can be successfully attacked even without access to the computer network it runs on.

February 22, 2022
By Dan Schulman
The Office of Management and Budget mandates that agencies allow Internet access to least one Federal Information Security Management Act Moderate system that requires authentication and is not currently Internet-accessible. Credit: jamesteohart/Shutterstock

 This article is part of a series that explores zero trust, cyber resiliency and similar topics.

The recently released federal zero-trust strategy from the Office and Management and Budget (OMB) and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) has one action area that has raised a few eyebrows within the zero trust community: Go ahead and open your applications to the Internet. Wait… what?

November 8, 2021
By John Dvorak
Zero trust may not be an entirely new concept, but it is still important, says John Dvorak, emerging technology specialist for Red Hat and a member of the AFCEA Technology Committee and Zero Trust Strategies Subcommittee.  By Matt Gibson/Shutterstock

More than just a technology focus, zero trust (ZT) is an invitation for all of us to think differently about cybersecurity. We are losing on the cybersecurity battlefield, and continued investment in more advanced versions of the same architecture patterns will not change that.

February 7, 2022
By John Speed Meyers, George Sieniawski, Thomas Pike and Jacqueline Kazil
Cybersecurity experts envision a decentralized group of U.S. government employees loosely working alongside both open-source software developers and industry software engineers to ensure the security of open-source software. Credit: farisazhar/Shutterstock. Edited by Chris D'Elia

Open-source software components now often comprise at least 80 percent of modern software applications, according to the best available estimate. They run the web servers that allow you to read this article, form the core of the mobile apps you use, and even help stealthier corners of government accomplish their missions—supporting U2 Dragon Lady missions, for example.

January 1, 2022
By J.D. Canclini
Technological solutions like the Defense Department’s combat cloud are important, but how such technologies are operationalized will be key to 6G network defense.  Shutterstock/Fit Ztudio

The spate of 2021’s high-profile cyber attacks has caused policymakers and practitioners to seriously reevaluate the state of security for U.S. critical infrastructure and key resources. From the unprecedented SolarWinds supply-chain infiltration to the Colonial Pipeline ransomware attack to the most recent allegations of Chinese state actors infiltrating tens of thousands of Microsoft Exchange mail servers, the scale and scope of cyber attacks against public and private U.S. networks are only worsening. As 5G—and eventually 6G—moves to increasingly meshed networks, the challenge of network defense only grows.

January 1, 2022
By Robert K. Ackerman
Educating and training people in cybersecurity will require a broader reach in both personnel and material.  Andrey Suslov/Shutterstock

The changing nature of threats and countermeasures cries out for new perspectives in cybersecurity, commercial experts say. Training and education must assume greater variety, but trainees also must be chosen from diverse backgrounds to provide new perspectives on threats and potential solutions.

January 1, 2022
By Dan Smith
Telemetry is the use of automation to manage communications across multiple data sources and speed the detection of threats.  Frame Stock Footage/Shutterstock

Across the federal government, agencies are dealing with an explosion of cybersecurity data from new sensors, hyper-scale cloud infrastructure, microservices and a geographically distributed workforce—and the pace shows no sign of slowing.

Automation drives the ability for agencies to process and analyze these massive workloads, but if not deployed and managed with proper expertise, they can add complexity and risk.

December 1, 2021
Posted by: George I. Seffers
The director of the Cybersecurity and Infrastructure Security Agency announced the appointment of 23 members of the agency’s new Cybersecurity Advisory Committee. Credit: Gorodenkoff/Shutterstock

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), announced today the appointment of the first 23 members of the agency’s new Cybersecurity Advisory Committee, a group that will advise and provide recommendations to the director on policies, programs, planning, and training to enhance the nation’s cyber defense.

December 1, 2021
By Robert K. Ackerman
Implementation of zero-trust security will require users to adopt new security measures and attitudes. Credit: metamorworks/Shutterstock

The human factor looms as the most imposing challenge to implementing zero-trust security, say experts. Aspects of this factor range from cultural acceptance to training, and sub-elements such as organizations and technologies also will play a role. Ultimately, change will have to come from the top of an organization to be truly effective.

All security measures depend to a large degree on human cooperation, but that is only part of the picture for zero trust. Its implementation will entail a massive change in security procedures both for users and for network architects. And, the ability to share information across organizational boundaries will be strongly affected at all government levels.

November 19, 2021
By Kimberly Underwood
The Department of Justice aims to hold government contractors and federal grant recipients accountable for weak cybersecurity. Credit: Shutterstock/Christopher E. Zimmer

The U.S. Department of Justice, or DOJ, is wielding the proverbial stick to improve cybersecurity across the federal government. Under the Civil Cyber-Fraud Initiative rolled out in October, the DOJ is increasing its actions against federal contractors and grant recipients that neglect to adhere to cybersecurity standards when providing technology solutions or services to the government. The department is relying on fraud provisions under the False Claims Act to pursue this cybersecurity-related legal action.

November 17, 2021
By Kimberly Underwood
Organizations are seeing the need to bring cybersecurity education to middle schoolers. Credit: Shutterstock/SpeedKingz

The need for the United States to not only have digital literacy but also cybersecurity-educated students is prompting the addition of programs into the middle school level. Students in grades 6-8 can benefit greatly from having a foundational understanding of cyber concepts, as can the nation, officials say.

The U.S. National Security Agency (NSA)/Central Security Service’s National Cryptologic School, which already has a robust offering of cyber education programs across the elementary, high school, college and graduate student levels, is growing its specific offerings to middle schools, teachers and kids age 12-14.

November 1, 2021
By Howard Sutton
U.S. Air Force Airmen speak with reporters on the new innovative Advanced Battle Management System (ABMS) Onramp 2 in September at Joint Base Andrews, Maryland. ABMS is the digital infrastructure which allows a level of connectivity and sensor compatibility for military at war.  Photo by Senior Airman Daniel Hernandez, 1st Combat Camera Squadron

In the current cybersecurity environment, live video and data distributed within physically secure environments, such as a sensitive compartmented information facility (SCIF), command and control centers, situational awareness or secure briefing centers, is no longer safe and secure.

October 28, 2021
By George I. Seffers
Lt. Gen. John Morrison, USA, U.S. Amy deputy chief of staff, G-6 addresses the audience at TechNet Cyber in Baltimore. Photo by Michael Carpenter

The U.S. Army seeks to enhance the effectiveness of local cybersecurity defenders—and ultimately the joint force cyber warriors—by revamping organizational design, fielding the best technologies and improving training, Lt. Gen. John Morrison, USA, U.S. Amy deputy chief of staff, G-6, told the audience at the TechNet Cyber conference in Baltimore.

“Here’s my thesis: we have a lot of folks that are doing cybersecurity work, but we are not optimized across the entire joint force to conduct cybersecurity operations,” Gen. Morrison declared.

October 28, 2021
By Kimberly Underwood
As part of its academic engagement strategy, U.S. Cyber Command is partnering more closely with the National Defense University and will assist with NDU’s new University Consortium for Cybersecurity effort expected to begin in December, says David Frederick, the command’s executive director. Photo by Michael Carpenter

For the last eleven years, the U.S. Cyber Command, which conducts cyber operations in defense of the nation, has partnered closely with government organizations and private industry to advance is mission. Now, the command, known as USCYBERCOM, is working to bolster its activities with academia as part of its comprehensive engagement plan. It recently launched a new academic engagement strategy that will broaden its communications with more U.S. universities; harness cyber research; promote cyber careers; and add analytical capabilities.

October 25, 2021
Posted by Kimberly Underwood
Secretary of State Antony Blinken hosts a town hall with the State Department’s chiefs of mission at the department’s Washington, D.C., headquarters on October 25. Secretary Blinken has approved the creation of a new bureau-level cyber organization at the department. Credit: State Department photo by Freddie Everett

The United States is adding another tool in its attempt to improve cybersecurity. The U.S. State Department is in the process of standing up a bureau of cyberspace and digital policy. The new organization will conduct cyber diplomacy around the globe and set international norms around cybersecurity. The department is also creating a new position at State called the special envoy for critical and emerging technology.

Compared to an ambassador who is stationed in a foreign country to increase bilateral ties with the United States, a special envoy oversees a specific portfolio, in this case, critical and emerging technology. Both the senior bureau official and the special envoy roles would require Senate confirmation.

October 1, 2021
By Col. Dean Hullings, USAF (Ret.)
Military readiness relies on an exchange of information among many different systems, which creates numerous cybersecurity challenges. Credit: U.S. Defense Department/J.M. Eddins Jr., Air Force

With no end in sight to the ever-increasing cybersecurity challenges, the federal government must move quickly and deliberately to adopt an architecture to protect against all outside threats. This means building on existing strengths and bolstering cybersecurity strategies.

October 1, 2021
By Rick Palermo
An important step toward Cybersecurity Maturity Model Certification is to conduct a Certified Third Party Assessor Organizations (C3PAO) assessment. Credit: Shutterstock/H_Ko

Cybersecurity Maturity Model Certification is a serious and involved process that will take time and resources, and for small companies, it’s often difficult to know where to start. Using these 12 steps, companies can effectively manage the transition from noncompliance to compliance.

August 1, 2021
By Jeremy Miller and Dawn Yankeelov
Workforce development must include education and training for cyber readiness.  Envato/mstandret

The small business sector must seize the day and immediately begin taking the steps necessary to implement tools for cyber resilience and cyber readiness. Scaling cybersecurity services, education and training are crucial to national security.

Regarding the cyber warfare landscape for 2021, the most critical group to secure is the small and midsize business sector (SMBs), particularly following the pandemic. When working with tech-specific organizations and the military, process management and a sense of purpose can overcome inertia and apathy until a financial loss appears.

August 2, 2021
 

Delphinus Engineering Inc.,* Eddystone, Pennsylvania (N64498-21-D-4044); Q.E.D.

July 22, 2021
By Kimberly Underwood
U.S. Air Force airmen at Andersen Air Force Base, Guam, work to refuel an F-35A Lighting II aircraft assigned to Eielson Air Force Base, Alaska during the Cope North exercise in February. The airmen were conducting agile combat employment, or ACE, training during the exercise. The service’s ACE operations, which aim to bring more agility, resiliency and deterrence in a near-peer competitive environment, will be supported by its zero-trust architecture platforms. Credit: Pacific Air Forces/Senior Airmen Jona

Led by the Air Combat Command, the U.S. Air Force is pursuing zero-trust architecture on a level not seen before. One of the service’s first main use cases applies the cybersecurity measure to the agile combat employment (ACE). ACE operations provide a more lean, agile and lethal force that can generate airpower from multiple locations. ACE requires a different kind of command and control (C2) environment, as well as advanced planning concepts and logistical supply line support.

June 22, 2021
By Kimberly Underwood

Following the success of some initial, smaller-scale efforts, the U.S. Air Force is pursuing zero trust architecture on a level not seen before. The service’s Air Combat Command is leading the charge into many more initiatives with a comprehensive view to employ zero trust architecture across its bases, weapon systems and missions.

July 1, 2021
By Lt. Col. Ryan Kenny, USA
Defending digital ecosystems from information pollution data operators should be a mission the U.S. national security apparatus conducts.  Shutterstock/ NDE12019

3rd Place in The Cyber Edge 2021 Writing Contest

A military-age male left home and traveled through the city, unaware he was being surveilled. Those watching him knew his patterns and preferences. They collected his point of departure, route and destination to predict when he would be most vulnerable for attack. Arriving at a marketplace, he meandered through a few high-traffic areas. Passing down a quiet corridor, he finally provided a clear shot. His smartphone buzzed and its screen flashed: “Two-for-one sale at the nearby pretzel shop!” He was struck by a precision-guided advertisement.

June 14, 2021
 
Credit: ZinetroN/Shutterstock

A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.

June 9, 2021
 

Bowhead Cybersecurity Solutions and Services, Springfield, Virginia is awarded a $92,308,000 cost-plus fixed-fee and cost-only contract for senior consultation support services. Work will be performed in the Washington, D.C. area and is expected to be completed by June 2026. Fiscal 2021 operation and maintenance (Navy) funding in the amount of $2,500,000 will be obligated at the time of award. There are no options for this contract award. This funding would have expired at the end of the current fiscal year if this award had not been made. This contract was a directed in accordance with Section 8(a) of the Small Business Act (15 USC 637(a)(1)) and the Federal Acquisition Regulation part 19.8.

June 1, 2021
By Mark Spangler
 Cyber program managers must review their plans to respond to today’s evolving threat environment.  Shutterstock

Cybersecurity program managers are facing the dilemma of appropriately balancing compliance with threat tracking and mitigation. Today, amidst the ever-growing problem of data breaches, organizations are investing in protection. But simply complying with security and privacy standards seldom means systems and data are automatically secure.

May 24, 2021
 
Cyber adversaries are creating a “wild west” environment in cyberspace where organizations must be aware of their security to protect themselves, said Gene Yoo, CEO of Resecurity Inc. Credit: Shutterstock

Recent cyber attacks against critical infrastructure such as the attack on Colonial Pipeline Co. has put cybersecurity in the spotlight.

But combating cyber adversaries is a broad area requiring significant amounts of human intelligence and a deep technical expertise to identify them, Gene Yoo, CEO of Resecurity Inc., told SIGNAL Magazine Editor-in-Chief Robert K. Ackerman during a SIGNAL Media Executive Video interview.

Adversaries come in different types, he added, noting that these range from part-time hacktivists to skilled professionals working for criminal organizations or state intelligence agencies.

May 19, 2021
By Robert K. Ackerman
 Credit: metamorworks/Shutterstock

Cyber education and training should begin not in college, not in secondary school, not in middle school, not in elementary school, but at home as soon as children are able to view or use social media, say some experts. This training is important not just to lay the groundwork for future cybersecurity professionals in a field starved for expertise, but also to instill good cyber hygiene habits that can be passed on to other family members.

May 13, 2021
By Kimberly Underwood
The new cybersecurity executive order from the White House calls for the federal government’s increased use of multifactor authentication, encryption, endpoint detection response, breach logging, zero-trust architecture and cloud computing, according to a senior administration official. Credit: Shutterstock/Andrea Izzotti

In an effort to increase critical infrastructure cybersecurity and better protect federal networks, President Joseph Biden signed an executive order on May 12. It includes provisions to improve information sharing between industry and the U.S. government, overhaul federal cybersecurity standards, spur the further use of cloud computing and zero trust architecture, and mandate the use of multifactor authentication and encryption. Amongst other measures, the executive order establishes a Cybersecurity Safety Review Board that would dissect a significant cyber incident and make recommendations for action.

May 1, 2021
By Kevin Tonkin
U.S. Marines assigned to the Defensive Cyberspace Operations–Internal Defensive Measures Company, 9th Communications Battalion, review network configurations in the current operations tent at Marine Corps Base, Camp Pendleton. The company executes defensive cyberspace operations for the Marine Corps Enterprise Network. Photo by Cpl. Cutler Brice, USMC, I Marine Expeditionary Force

The massive cyber attack on the United States via information technology vendor SolarWinds continues to send shockwaves through the departments of Defense, State and Homeland Security as well as other agencies. Damage assessments are ongoing. If the U.S. government in general and Defense Department in particular are to successfully defend against attacks by well-funded, patient and highly motivated enemies, they will need to change their approach to defending their networks and systems.

April 28, 2021
 
Getting privileged access management right involves making sure the right security tools are in place and determining that they are easy to use and can interoperate with legacy software and systems, says Ross Johnson, director of federal sales for Thycotic Software Ltd. Credit:Shutterstock

The recent wave of high-profile cyber attacks on federal government agencies and the businesses that support them has gotten organizations thinking about security. A key part of any organization’s security strategy is access management—determining who can access certain kinds of information and resources and when and/or where they can do so.

But determining where to start can often be delayed by indecision due to over-analysis and caution, explains Ross Johnson, director of federal sales for Thycotic Software Ltd. The first and most important thing an organization can do is to make the decision to take inventory of all their data assets.

April 14, 2021
 
The DOD is concerned about the cybersecurity of additive manufacturing systems, said David Benhaim, co-founder and chief technology officer for Markforged. Credit: Shutterstock

The U.S. Department of Defense is looking at additive manufacturing technologies to rapidly prototype and build equipment components and increasingly, to potentially make replacement parts in the field.

While additive manufacturing, the ability to build plastic and metal parts by depositing a fine spray of material, has been used by the aerospace and defense sectors for some time, the capability is now becoming more portable. One such project is the U.S. Marine Corps’ X-Fab effort, which uses a shipping container loaded with compact additive manufacturing equipment that can be shipped anywhere in the world to make replacement parts.

April 9, 2021
By Robert K. Ackerman
A communications tower for military 5G rises above a forest. Several challenges loom as the U.S. Defense Department strives to implement 5G into the force. Credit: M.Moira/Shutterstock

The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.

April 1, 2021
By Kimberly Underwood
Lt. Col. Brian Wong, USA, chief of market research for the Army’s Network Cross Functional Team (c), assesses the waveform strength of several mobile ad hoc network radio signals during a Rapid Innovation Fund capstone event in 2019 in Yakima, Washington. Engineers at Johns Hopkins’ Applied Research Lab are looking into how to build a large scale network of intelligent radios, among other tactical communications efforts.    USA/PEO C3T Public Affairs

Software-defined networks, commercial satellite communications, cognitive electronic warfare, intelligent radios and artificial intelligence applications all potentially offer the military advanced capabilities for the tactical environment, say Johns Hopkins University Applied Physics Laboratory’s (APL’s) Julia Andrusenko, chief engineer, Tactical Wireless Systems Group, and Mark Simkins, program manager, Resilient Tactical Communications Networks. 

April 1, 2021
By Matt Toth and Richard Chitamitre
Training sessions, such as Cyber Shield 19, provide cybersecurity analysts opportunities to train, exchange best practices and test their cyber mettle. Credit: Army Staff Sgt. George B. Davis

The nature of military permanent change of station assignments can create gaps in the U.S. Defense Department’s protected posture to cyber assets. The current approach allows valuable institutional knowledge literally to walk out the door, often being replaced with inadequately prepared personnel walking in. This practice runs contrary to the Pentagon’s stated strategic goals that aim at building and maintaining a skilled workforce rather than solely acquiring new tools.

April 1, 2021
By Miroslav Nečas
The NATO Ministers of Defence meet in February to prepare for its summit later this year. Among the topics socially distanced attendees discussed were progress on burden sharing and missions in Afghanistan and Iraq. Credit: NATO

NATO is at risk of losing its technology edge because of emerging and disruptive technologies increasingly developed within the civil sector. The growth of peer competitors’ determination, especially China, and the decline of technology education in Western countries are eroding the advantage they once skillfully held.

To address this state of affairs, the organization’s defense ministers are examining a number of activities. As a part of this initiative, the NATO Industrial Advisory Group (NIAG) conducted a study to provide the industry view of the implications of emerging and disruptive technologies (EDTs) and Chinese advances in defense operations and military capability development.

March 1, 2021
By Robert K. Ackerman
Credit: DHS

The entire nation must engage in an informed debate about cybersecurity and how to stop the damage being inflicted by adversaries through cyberspace, says the director of intelligence for the U.S. Cyber Command. Brig. Gen. Matteo Martemucci, USAF, J-2 for the U.S. Cyber Command, says this debate must explore whether the roles played in cyber defense stay the way they are or change.

February 9, 2021
 

The Boeing Co., St. Louis, Missouri, was awarded a $10,579,798 modification (P00004) to contract W58RGZ19F0045 to integrate, test, upgrade and field functional hardware and software technology improvements and cybersecurity controls, to the Longbow Crew Trainer Generation Four and Generation Five fleets. Work will be performed in St. Louis, Missouri, with an estimated completion date of April 2, 2022. Fiscal year 2019 aircraft procurement (Army) funds in the amount of $10,579,798 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity.

February 11, 2021
By Robert K. Ackerman
Stacy Bostjanick (r), director of CMMC, Office of the Under Secretary of Defense (A&S), warns of CMMC certification companies that are not themselves certified in a discussion at AFCEA NOVA Intelligence Community IT Day.

Companies preparing for Cybersecurity Maturity Model Certification (CMMC) should beware of firms that are promising to get them certified, said a government official. Stacy Bostjanick, director of CMMC, Office of the Under Secretary of Defense (A&S), stated that any firms claiming to be able to do that are not capable of that function yet.

February 2, 2021
 

Cyber Systems and Services Solutions, Bellevue, Nebraska, has been awarded a $17,765,741 firm-fixed-price and cost-plus-fixed-fee modification (P0010) to contract FA8773-18-D-0002 to exercise Option Three for defensive cyber realization, integration and operational support services. Work will be performed at Joint Base San Antonio (JBSA)-Lackland, Texas, and is expected to be completed February 28, 2022.  This modification is the result of a competitive acquisition and seven offers were received. Fiscal 2021 operation and maintenance funds in the amount of $8,764,731 are being obligated at the time of award. The 38th Contracting Squadron, JBSA-Lackland, Texas, is the contracting activity.

February 2, 2021
By Robert K. Ackerman
China owes much of its economic growth to technologies purloined from the United States via cyber espionage. Credit: Sangoiri/Shutterstock

The greatest threat the United States faces is through cyber attacks on economic targets, and the worst adversary in this realm is China, according to the director of intelligence for the U.S. Cyber Command. Brig. Gen. Matteo Martemucci, USAF, J-2 for the Cyber Command, declared that China’s pilferage of intellectual property represents a major strike against the United States as part of the Middle Kingdom’s plan for global domination.

February 2, 2021
 

Booz Allen Hamilton Inc., McLean, Virginia, has been awarded a $21,744,548 cost-plus-fixed-fee modification (P00032) to contract FA8750-17-F-0105 for enterprise exploitation and information assurance. This contract modification provides for additional hours to facilitate development of electro-optical emerging data sources as part of the Assured Cyber Enterprise for the Intelligence Community Program.  Work will be performed in McLean, Virginia, and is expected to be completed September 28, 2021. Fiscal 2020 research, development, test and evaluation funds in the amount of $74,381 are being obligated at the time of award.

January 29, 2020
By Kimberly Underwood
The FBI is examining how zero trust architecture could apply to its cybersecurity measures. Credit: Shutterstock/Kristi Blokhin

The Federal Bureau of Investigation (FBI) has a unique role as a federal law enforcement agency as well as a national security department. Its vast information technology enterprise must support its functionality in carrying out these roles, which have different rules of engagement. And when adding new tools, processes or software, the bureau has to consider solutions carefully. With zero trust architecture—a method that combines user authentication, authorization and monitoring; visibility and analytics; automation and orchestration; end user device activity; applications and workload; network and other infrastructure measures; and data tenants to provide more advanced cybersecurity—gaining use in the U.S.

January 22, 2021
By Maryann Lawlor
While many cybersecurity recommendations have focused on the activities of the federal government, AFCEA Cyber Committee members recognize the role of state and local authorities in information security. Credit: Shutterstock/ESB Professional

The cybersecurity of civil government, critical infrastructure and business infrastructure remains uneven. Worrying reports of ransomware affecting city and county governments as well as local health care organizations have put leaders and administrators, and infrastructure operators on edge.

January 14, 2021
By Julianne Simpson
The future enterprise will be edge-centric, cloud enabled and data driven, says Bill Burnham, CTO, U.S. Public Sector Business Unit, Hewlett Packard Enterprise.

The future enterprise will be edge-centric, cloud enabled and data driven, said Bill Burnham, CTO, U.S. Public Sector Business Unit, Hewlett Packard Enterprise.

He shared his ideas during an AFCEA online event titled “The Edge Is Where the Action Is!”